Last week-end was ShmooCon CTF Warmup Contest (aka Ghost in the Shellcode 2011). Three challenges, the last one being an ELF binary + hostname of a server.
Congrats to awesie/zoaedk & tylerni7 of team PPP for solving it pretty quickly. And since they explained the level pretty well, I really invite you to read their solution.
Friday, January 14, 2011
Thursday, January 13, 2011
Some news...
Recently I've been playing with gdb 7.2 and python. It extends what we can have with a great .gdbinit such as gdbinit73. As examples, read the following articles presenting some of the features, or just browse the Python API offered by gdb. A good introduction to gdb and python is also this article by sha on Nibbles blog (english here).
Last week-end were given nice challenges to win a ticket for ShmooCon security conference later this month. Congrats to awesie/zoaedk & tylerni7 of team PPP for solving #3 (see their writeup), a cool network binary involving JS code, a stack-based buffer overflow and some memory leak. I wasn't fast nor good enough but learned a lot!
Speaking of which, get ready for Paradox Conference this week-end in Korea: they provide an online CTF contest, should be challenge-based like defcon quals.
Update: this week-end there is also Wargame SbD I organized by our spanish friends at Security by Default (SbD). Unlike Padocon, there is a nice prize (amazon gift card which is worth an iPad). Thanks @aramosf for reminding me.
Realized again Ubuntu security features. Ptrace scope for instance, protects against same-user ptraces to peek into another process memory.
Made a very small idadif.py to patch a binary from a DIF file produced by IDA. Did not find any better method to do that :/
Also, 27c3 was great. And I love Berlin :)
Last but not least, hacky new year!
Last week-end were given nice challenges to win a ticket for ShmooCon security conference later this month. Congrats to awesie/zoaedk & tylerni7 of team PPP for solving #3 (see their writeup), a cool network binary involving JS code, a stack-based buffer overflow and some memory leak. I wasn't fast nor good enough but learned a lot!
Speaking of which, get ready for Paradox Conference this week-end in Korea: they provide an online CTF contest, should be challenge-based like defcon quals.
Update: this week-end there is also Wargame SbD I organized by our spanish friends at Security by Default (SbD). Unlike Padocon, there is a nice prize (amazon gift card which is worth an iPad). Thanks @aramosf for reminding me.
Realized again Ubuntu security features. Ptrace scope for instance, protects against same-user ptraces to peek into another process memory.
Made a very small idadif.py to patch a binary from a DIF file produced by IDA. Did not find any better method to do that :/
Also, 27c3 was great. And I love Berlin :)
Last but not least, hacky new year!